Stay safe online this Black Friday
In the lead up to Christmas looms one of the UK’s biggest shopping experiences of the year: Black Friday.
With an estimated £8.74 billion spent last year across retail and digital, the event itself engenders considerable offers from businesses in the UK and around the world. And despite the cost-of-living crisis, 2024 looks to be the same. However, with many retailers promising significant savings on your favourite products, the only true promise Black Friday offers is that criminals will take advantage of the frenzy to steal. With the rise in popularity of AI, another tool is also now available to criminals for nefarious purposes, allowing them to add polish and authenticity to once easily spotted scams. In order not to become a victim in 2024, here’s what to watch out for:
Spoofed shopping sites
Cybercriminals, now aided by generative AI, can create lookalike websites to steal login credentials from users who overlook or fail to spot small URL and design differences. By capitalising on the fear of missing out on a good deal and in the rush to secure significant savings, shoppers may overlook these details and give scammers access to their accounts and financial information.
What to look for
- Differences in the URL spoofed domains like “agros.co.uk” instead of “argos.co.uk” or “jonhlewis.com” rather than “johnlewis.com” are easily missed.
- HTTP instead of HTTPS when visiting legitimate websites from your browser they are often prefixed with “https://”. The “s” in this instance stands for ‘secure’ (sometimes represented as a padlock in the browser next to the site). Without it, your connection is visible to attackers, meaning any sensitive information you input, such as your name and bank details, are easily intercepted.
Phishing emails and texts
Given the prevalence of companies to contact individuals via methods ranging from email to text messages, it remains common for criminals to pose as legitimate companies, from Amazon to the Post Office, to send fraudulent offers with links to spoofed websites, or texts with failed delivery notifications or faked order confirmations to fool people into clicking those links and inputting sensitive details or paying fees to release items they believe they have ordered.
Steps to take
- Check sender’s email and confirm it originates from the company’s official domain. Like spoofed sites, any deviations may be a red flag.
- Log in directly when checking the order status of any item never go to your account using the link you have received. Always access your account through the app or by visiting the sender’s site yourself.
- Query confirmation orders even if you have ordered something from a well-known platform such as Amazon. If you receive order confirmations for items or order numbers you do not recognise, always check with Amazon itself and do not click any links or input any details when prompted.
Scam emails asking to “verify your account”
Given the chaos Black Friday brings, it is not uncommon for criminals to craft fraudulent emails with malicious links that claim suspicious login attempts have been noticed on your account. The sole aim of these emails is to trick the receiver into panicking and selecting the link to the login page of the site and capturing their login credentials when the user inputs them.
Steps to take
- Enable multifactor authentication (MFA) on your accounts will prevent access to your accounts unless you authorise it with an alternative method, such as typing in a code you receive from the company where your account is registered.
- Be aware of emails that create a sense of urgency. Whether it is protecting your account or securing a deal, urgency is a common approach criminals use to convince people of acting immediately so they fail to miss the signs that they are being compromised.
While Black Friday brings excitement at the prospect of securing a bargain otherwise unobtainable throughout the rest of the year, these scams represent a fraction of what criminals are capable of and attempt during this occasion. For more general information on how to stay safe when shopping online, read our earlier blog.